.com.unity Forums

So how 'bout those Mets? (http://forum.shrapnelgames.com/showthread.php?t=20226)

Gandalf Parker August 12th, 2004 04:30 PM

Re: Mumbling about MP security
 
Quote:

If he modified gem inventories to do stuff with it, then the game presumably isn't too fanatical about checking this, or the server itself was somehow compromised or worked-around.

No, it was the turn file itself. As near as can be figured, the .trn had a gem number, the gems were added, and then they were "money laundered" into other things before returning the .2h to the server. There were checks, but even the checks that were put into the game caused complaints from players when they reported "cheats" which weren't really cheating players. That may have slowed down adding additional checks.

Esben Mose Hansen August 12th, 2004 05:25 PM

Re: Mumbling about MP security
 
Quote:

...One thing I'm worried about is that now that Illwinter has shown they can dismantle a turn file to get answers, I'm afraid they will be swamped by requests every time any player feels another player did something shady. As often as we see posts to that effect here which get answered as possibilities that the player hadn't considered, you can see how busy that might be.

This also worries me. I'm thinking of having my server make a complete .tar.bz2 image of the game directory every turn. Then a master password, an independent party (NOT ME!!!) and the backup history could determine any cheating for sure.

What do you think?

archaeolept August 12th, 2004 06:08 PM

Re: Mumbling about MP security
 
yah that would work wonders even if only to scare off certain potential cheaters. all that really happened here, IIRC, was that the existence of a master password allowed Norfleet's lies and the extent of his cheating to be exposed. a turn by turn history might also, however, have provided valuable clues as to what precisely he was manipulating.

Gandalf Parker August 12th, 2004 06:11 PM

Re: Mumbling about MP security
 
Quote:


This also worries me. I'm thinking of having my server make a complete .tar.bz2 image of the game directory every turn. Then a master password, an independent party (NOT ME!!!) and the backup history could determine any cheating for sure.

What do you think?

If for no other reason, it would be simple enough to implement and would at least make everyone feel better. If you need a "neutral server" we can set up an auto-ftp between your server and mine. Or you could put the tars in a directory and just schedule a remote sync using some sort of mirror software.
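A sketch of the per-turn archive proposed in the posts above, as an added example that is not part of the original thread or any poster's code. It assumes the archive directory sits outside the game directory; the hash-chained `manifest.jsonl`, the file naming and the function names are all hypothetical additions, included so that a mirror or independent party holding an earlier chain value can tell whether older archives were rewritten afterwards.

```python
import hashlib
import json
import tarfile
from pathlib import Path

GENESIS = "0" * 64  # chain value before the first turn


def _entries(archive_dir):
    manifest = Path(archive_dir) / "manifest.jsonl"
    if not manifest.exists():
        return []
    return [json.loads(line) for line in manifest.read_text().splitlines() if line.strip()]


def _link(prev, turn, digest):
    # Each link commits to every earlier archive through prev.
    return hashlib.sha256(f"{prev}:{turn}:{digest}".encode()).hexdigest()


def snapshot_turn(game_dir, archive_dir, turn):
    """Archive game_dir as turn-NNNN.tar.bz2 and append a chained manifest entry.

    Returns the new chain head, the value to hand to the independent party.
    """
    archive_dir = Path(archive_dir)
    archive_dir.mkdir(parents=True, exist_ok=True)
    archive = archive_dir / f"turn-{turn:04d}.tar.bz2"
    with tarfile.open(str(archive), "w:bz2") as tar:
        tar.add(str(game_dir), arcname="game")
    history = _entries(archive_dir)
    prev = history[-1]["chain"] if history else GENESIS
    digest = hashlib.sha256(archive.read_bytes()).hexdigest()
    entry = {"turn": turn, "file": archive.name, "sha256": digest,
             "chain": _link(prev, turn, digest)}
    with (archive_dir / "manifest.jsonl").open("a") as fh:
        fh.write(json.dumps(entry) + "\n")
    return entry["chain"]


def verify_history(archive_dir):
    """Return the turns whose archive bytes or chain link no longer match."""
    archive_dir, prev, bad = Path(archive_dir), GENESIS, []
    for e in _entries(archive_dir):
        path = archive_dir / e["file"]
        digest = hashlib.sha256(path.read_bytes()).hexdigest() if path.exists() else None
        if digest != e["sha256"] or _link(prev, e["turn"], e["sha256"]) != e["chain"]:
            bad.append(e["turn"])
        prev = e["chain"]
    return bad
```

Calling `snapshot_turn` after each host run and sending the returned chain value off the server each turn is what gives the history its evidential weight; the archives alone can be regenerated by whoever controls the host.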

Stormbinder August 12th, 2004 06:19 PM

Re: Mumbling about MP security
 
Quote:



What was apparently done was that the turn file was edited to have extra gems. Those gems had to be converted to something else or used in forge commands or turned into gold and used to make troops in that same turn before turning in a 2h. The game does have checks for such things but the variations make for a lot of "thinking" needed by the game. The game sent him a turn with XX gems in each Category, and received back a 2h file of commands to do things. To take into account the original amounts, plus new gem income, plus all of the things that can be done with it in order to decide "oops too much" is pretty hairy. Especially when you try to reverse logic the troop queue to the gold to the fire gems made from the astral gems which were made from the death gems just as one example. NOT IMPOSSIBLE before someone jumps my case about it, just hairy and time consuming to get it put in.

Hmmm, frankly I still want to jump your case about it Gandalf, since I don't see the server-side gem tracking to be such a huge problem to implement, but I'll let it pass. ;) Otherwise we would become involved in discussions of what constitutes "hairy" and what doesn't. And most likely end up agreeing on scientific terms such as "hairy but with big bald patches", or "balding but still retaining some hair". :D

Gandalf Parker August 12th, 2004 06:31 PM

Re: Mumbling about MP security
 
Quote:

Hmmm, frankly I still want to jump your case about it Gandalf, since I don't see the server-side gem tracking to be such a huge problem to implement, but I'll let it pass. ;)

My answers are not Johan's. He is already looking at it.

Part of the problem is that this is a forum full of programmers to whom nothing is impossible. And I'm more of a hacker, to whom no absolute security is considered possible. But I should stop arguing the points to allow for placebos if nothing else. (insert truly evil smiley here)

Stormbinder August 12th, 2004 06:55 PM

Re: Mumbling about MP security
 
Quote:

Quote:

Hmmm, frankly I still want to jump your case about it Gandalf, since I don't see the server-side gem tracking to be such a huge problem to implement, but I'll let it pass. ;)

My answers are not Johan's. He is already looking at it.

Good to hear this.

Quote:


Part of the problem is that this is a forum full of programmers to whom nothing is impossible. And I'm more of a hacker, to whom no absolute security is considered possible. But I should stop arguing the points to allow for placebos if nothing else. (insert truly evil smiley here)

Heh. Between hackers and programmers, all interested in the same goal, some good security ideas could be developed... ;)

Heironeous August 12th, 2004 07:46 PM

Re: Mumbling about MP security
 
Quote:

Part of the problem is that this is a forum full of programmers to whom nothing is impossible. And I'm more of a hacker, to whom no absolute security is considered possible. But I should stop arguing the points to allow for placebos if nothing else. (insert truly evil smiley here)

Absolute security may not be possible, but, as described above, client hacks can be eliminated by simply passing the client a partial copy of the game state, with the client only returning a list of orders to the server. Then it doesn't matter what you do to the client, the server processes the orders against the true game state. If you screw around with the client or the information passed to the client, then you'll only be hurting yourself as your orders won't map properly to the true game state.

Esben Mose Hansen August 12th, 2004 08:16 PM

A cheap safeguard, if only in reverse...
 
Quote:

If for no other reason, it would be simple enough to implement and would at least make everyone feel better. If you need a "neutral server" we can set up an auto-ftp between your server and mine. Or you could put the tars in a directory and just schedule a remote sync using some sort of mirror software.

Yeah, my feelings, too. Hunting for an actual cheat (on a subtle scale, not Norfleet-scale) would be like searching for a straw in a haystack...

No need for the neutral server. If my server is compromised, or if I'm dishonest, nothing will change that. I'll try to make an implementation tomorrow or Sunday, but no promises... but now I really have to sleep :)

Stormbinder August 12th, 2004 08:29 PM

Re: Mumbling about MP security
 
Quote:

Quote:

Part of the problem is that this is a forum full of programmers to whom nothing is impossible. And I'm more of a hacker, to whom no absolute security is considered possible. But I should stop arguing the points to allow for placebos if nothing else. (insert truly evil smiley here)

Absolute security may not be possible, but, as described above, client hacks can be eliminated by simply passing the client a partial copy of the game state, with the client only returning a list of orders to the server. Then it doesn't matter what you do to the client, the server processes the orders against the true game state. If you screw around with the client or the information passed to the client, then you'll only be hurting yourself as your orders won't map properly to the true game state.

Yep, that's what I had in mind as well. I said earlier when I quoted "the client is in the hands of the enemy" mantra, all important tasks should be performed only by the server, and the server should keep in mind the state of the previous turn (or even several turns, for additional security checks). Then, *as long as server is not compromised*, such a system is practically impossible to hack from the client side, with hex edit or anything else. And I am sure Mose (as well as other people with good technical knowledge who may decide to run public servers for the Dom2 community in the future) can protect well his server from being hacked directly, which would become necessary to do in order to hack various Dom2 hosts that are being run on his computer. In any case such a hack would be much more complex and difficult to pull off than the current mostly client-centered system, and IMHO very unlikely to be developed at all. Remember, after all the probability of a new hack being developed is directly proportional to the size of the players community. And unlike Blizzard's MP games, Dom2 has a 1000 times smaller audience, therefore the appearance of very complex server based hacks, that would also require server's security to be breached in order for them to work, is IMHO extremely unlikely.

Leif_- August 12th, 2004 09:44 PM

Re: Mumbling about MP security
 
Quote:

And I'm more of a hacker, to whom no absolute security is considered possible.

Oh, it's quite possible to make a computer program without any security flaws - the tricky thing is *knowing* that there aren't any security flaws in it. :-p

nakomus August 13th, 2004 12:55 AM

Re: Mumbling about MP security
 
The methods of cheating discussed in this forum (with the exception of Taqwus) seem to focus on alteration of *data* files of the game in question, in two forms:

1. The machine on which the game was hosted was compromised and the fatherland file was edited to change game state. Then the modified, but structurally valid fatherland file was used by the hosting Dominions 2 system to generate the next turn.

2. Either trn or 2h files were modified such that an illegal (but structurally valid) 2h file was returned to the server, which failed to detect the inconsistency in the game state.

Both of these methods assume that the hosting installation of Dominions was operating correctly on the input it was given (although it may be insufficiently paranoid).

If 1) is the true scenario then this clearly need not be the case; the attacker would have had access to the executable, configuration information, and runtime state during hosting.

Even if the attacker does not have root access on the hosting server, there is the possibility of a remote exploit in Dominions, either through structurally invalid 2H files or attacks through the network connection.
In short, it may be that the server was coerced to generate invalid turn files, rather than failing to detect subtle modification of an otherwise valid input.

I won’t speculate further as to how this could be carried out.

Of course, the devs may have reason to rule these sorts of attacks out.

Anglachel August 27th, 2004 08:36 PM

Re: Mumbling about MP security
 
OMG! I have figured it out! Stormbinder and Norfleet are the same person! You all fell for it suckers!!!!

jarenko August 27th, 2004 08:41 PM

Re: Mumbling about MP security
 
Is this thread about baseball?

Cheezeninja August 27th, 2004 11:33 PM

Re: Mumbling about MP security
 
No, this thread got started after a particularly ugly thread about cheating by a very prominent member of the forum got locked. The title is a sentence commonly used in the USA as a way to change the subject when the current subject is uncomfortable or for some reason taboo.

PhilD August 28th, 2004 07:44 AM

Re: So how 'bout those Mets?
 
Having just read this thread (after a few weeks off the forum), I must say I'm very surprised that, apparently, .2h (orders) files are not what (I believe it was Taqwus) suggested, i.e., purely a list of orders to be compiled by the server, so they can be checked for consistency. If anything is trusted on the client and the .trn file (like gem/gold/whatever management), then this means someone can "hack" the easily accessed file (.trn files for his own nation) and cheat, with some trial and error (encrypting the .trn files would somewhat hamper this, though not prevent it).

Basic security - heck, I'd call it common sense, and always feel stupid for pointing this out to my students - says, don't trust the client. The .trn files should not contain any information not available to the player "by the rules", either. Then, if it takes attacking the server to cheat, of course there are some people out there that will be able to do that, but (1) there will be fewer of them, (2) a security-conscious host will be able to at least add protection to his server, and (3) people with this kind of attack skills will probably have something better to do than cheat in some obscure TBS game :)
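The orders-only design argued for in several posts above (the client returns a list of orders, the server replays them against its own state), as an added example that is not from the thread and not Dominions 2 code. The order kinds, costs, exchange rate and state layout are constructed for illustration; the point is that no resource total supplied by the client is ever read.

```python
from copy import deepcopy

# Constructed costs and rates for illustration; not real Dominions 2 values.
FORGE_COST = {"ring": ("astral", 5)}
RECRUIT_COST = {"militia": 10, "knight": 50}
GOLD_PER_GEM = 15


def process_turn(state, orders):
    """Replay a nation's orders against the server's own copy of its state.

    state is {"gold": int, "gems": {type: int}} and is held only by the server.
    Orders carry intent only. Returns (new_state, rejected), where rejected
    lists (order index, reason); the input state is left untouched.
    """
    new, rejected = deepcopy(state), []
    for i, order in enumerate(orders):
        kind, *args = order or (None,)
        if kind == "alchemy" and len(args) == 2:
            gem, n = args
            # A negative or non-integer amount would otherwise mint gems or gold.
            if not isinstance(n, int) or n <= 0 or new["gems"].get(gem, 0) < n:
                rejected.append((i, "invalid or unaffordable gem amount"))
                continue
            new["gems"][gem] -= n
            new["gold"] += n * GOLD_PER_GEM
        elif kind == "forge" and len(args) == 1 and args[0] in FORGE_COST:
            gem, n = FORGE_COST[args[0]]
            if new["gems"].get(gem, 0) < n:
                rejected.append((i, "not enough gems"))
                continue
            new["gems"][gem] -= n
            new.setdefault("items", []).append(args[0])
        elif kind == "recruit" and len(args) == 1 and args[0] in RECRUIT_COST:
            if new["gold"] < RECRUIT_COST[args[0]]:
                rejected.append((i, "not enough gold"))
                continue
            new["gold"] -= RECRUIT_COST[args[0]]
            new.setdefault("units", []).append(args[0])
        else:
            rejected.append((i, "malformed order"))
    return new, rejected


# Constructed sample: the server holds 4 astral gems; an edited client believes it has 500.
SERVER_STATE = {"gold": 20, "gems": {"astral": 4}}
TAMPERED_ORDERS = [("alchemy", "astral", 500), ("recruit", "knight"),
                   ("alchemy", "astral", 4), ("recruit", "knight")]
```

Because each order is charged at the moment it is replayed, the server never has to reason backwards from troops to gold to gems; an order that cannot be paid for from the server's running totals is simply dropped and logged.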


All times are GMT -4.